Date: Sat, 10 Apr 1999 00:03:48 +0800
From: Dibyo Gahari <dibyo@bali.net>
To: Khetan Gajjar <khetan@os.org.za>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: how to change a password through a web page ?
Message-ID: <Version.32.19990410000043.01701da0@bali.net>
In-Reply-To: <Pine.BSF.4.10.9904082359300.16986-100000@chain.freebsd.os.org.za>
References: <Pine.BSF.4.03.9904081233240.25113-100000@resnet.uoregon.edu>

Thanks a lot, Khetan Gajjar.

Although I have not successfully installed the script yet, I think it's
close to what I need. There is a "Password Server is not responding." message.
FYI, I installed poppassd-4_0.tgz from FreeBSD.ORG.

Please advise.

Regards,
Dibyo Gahari

At 06:02 09/04/99 , Khetan Gajjar wrote:
>Around Today, "Doug White" wrote :
>
>DW> > Where can I find a freeware script to realize it ?
>DW>
>DW> Everyone wants to do this, surely _SOMEONE_ has their code posted on a site
>DW> somewhere...
>
>Even better, I'll include one here.
>
>This was taken from somewhere (I forget where).
>
>Set httpd.server.name to the name that runs the script,
>and poppassd.server.name to the name of the server running
>Qualcomm's poppassd.
>
>I would personally recommend tcp_wrapping poppassd so that it
>can only be accessed by the web server, to increase security
>slightly.
>
>I call it with a bit of HTML that looks like this :
>
>--sample passwd.html--
><form action="/cgi-bin/change-pass.cgi" method="POST">
>Enter your username (all lower case): <BR>
><input type=text name="username" size=20><BR>
><P>
>Enter your current password: <BR>
><input type="password" name="oldpasswd" size=20><br>
>Select a new password: <BR><input type="password" name="passwd" size=20> <BR>
>Re-enter your new password for verification: <BR>
><input type="password" name="passwd1" size=20> <p>
>
><input type="submit" value="Change Password">
><input type = "reset" value = "Clear Fields">
>
></form>
>--sample passwd.html--
>
>--/cgi-bin/change-pass.cgi--
>#!/usr/bin/perl
>#
># Simple POPPASSD Password Changer
># mp@atlantic.net 2/1/97
>#
># Thanks to westnet.com for the idea; written cause I couldnt
># get theirs to work. This one asks for username and password
># and changes the password via POPPASSD. (There is a sample
># index.html that goes with this. put it in a directory called
># password under your document root, and then users can call
># it like http://www.atlantic.net/password
>#
># It uses your poppassd port to do the work, so it requires
># you have it installed -- but that way it will honor any
># type of security checks you want/have implemented.
># Isn't that special?
>#
># You will need to change the line with $clientid=
># to your poppassd server -- this script can be run on a
># different machine than where the poppassd program resides;
># and you will have to change the "rawclient" line from
># rio.atlantic.net to match the hostname of the host
># this script runs from.
>#
># If your looking for a link to the 'net, check out
># http://www.atlantic.net; we work with ISPs/corporations/individuals
>#
># Use @ your own risk!
>
>read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
>
># Split the name-value pairs
>@pairs = split(/&/, $buffer);
>
>foreach $pair (@pairs)
>{
> ($name, $value) = split(/=/, $pair);
>
> # Un-Webify plus signs and %-encoding
> $value =~ tr/+/ /;
> $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
> $name =~ tr/+/ /;
> $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
>
>
> # Set each variable
>
>if ($name eq "username")
>{
> $n=$value;
>}
>if ($name eq "oldpasswd")
>{
> $op=$value;
>}
>if ($name eq "passwd")
>{
> $np=$value;
>}
>if ($name eq "passwd1")
>{
> $np1=$value;
>}
> # Stop people from using subshells to execute commands
> # Not a big deal when using sendmail, but very important
> # when using UCB mail (aka mailx).
> # $value =~ s/~!/ ~!/g;
>
> # Uncomment for debugging purposes
> # print "Setting $name to $value<P>";
>
># $FORM{$name} = $value;
>}
>
>if ($np ne $np1)
>{
> $line="New Passwords Dont Match.";
> &error_out;
>}
>
>$port=106;
>$clientid="poppassd.server.name";
>
>
>while(getservbyport($port,"tcp")) {
> $port++;
>}
>
>($d1,$d2,$prototype)=getprotobyname("tcp");
>($d1,$d2,$d3,$d4,$rawclient)=gethostbyname("httpd.server.name");
>($d1,$d2,$d3,$d4,$rawserver)=gethostbyname($clientid);
>$clientaddr=pack("Sna4x8",2,0,$rawclient);
>$serveraddr=pack("Sna4x8",2,$port,$rawserver);
>socket(SOCKET,2,1,$prototype) || die("No socket");
>bind (SOCKET,$clientaddr) || die ("Can't bind");
>$cstat=connect(SOCKET, $serveraddr);
>select(SOCKET);
>$|=1;
>
>if ($cstat != 0)
>{
>&get_reply;
>print SOCKET "user $n\n";
>&get_reply;
>print SOCKET "pass $op\n";
>&get_reply;
>print SOCKET "newpass $np\n";
>&get_reply;
>select(STDOUT);
>printf("Content-type: text/html\n");
>printf("\n");
>printf("<HTML>\n");
>printf("<TITLE>Password Changed Successfully.</TITLE>\n");
>printf("<BR>\n");
>printf("Your password has been changed successfully. It may take up\n");
>printf("to 6 hours for your new password to take effect.<BR>");
>printf("<BR>\n");
>printf("$line<BR>\n");
>printf("<BR>");
>printf("</HTML>\n");
>exit(1);
>}
>else
>{
> $line="Password Server is not responding.\n";
> &error_out;
>}
>
>close(SOCKET);
>exit(1);
>
>sub get_reply
>{
> $line=<SOCKET>;
> $v=substr($line,0,3);
> if ($v ne "200")
> {
> &error_out;
> }
>}
>
>sub error_out
>{
>
>select(STDOUT);
>printf("Content-type: text/html\n");
>printf("\n");
>printf("<HTML>\n");
>printf("<TITLE>An error has occurred</TITLE>\n");
>printf("<BR>\n");
>printf("We were unable to change your password. Please read the\n");
>printf("diagnostic message below and try again. If you need additional\n");
>printf("assistance, please send e-mail to webmaster\@dom.a.in with the following");
>printf(" diagnostic message.<BR><BR>");
>printf("<BR>\n");
>printf("<B>$line</B><BR>\n");
>printf("<BR>");
>printf("Please go to <a href=\"http://httpd.server.name/blah.html\">http://httpd.server.name/blah.html</a> to try again.\n");
>printf("</HTML>\n");
>exit(1);
>
>}
>--/cgi-bin/change-pass.cgi--
>
>---
>Khetan Gajjar (!kg1779) * khetan@os.org.za
>http://www.os.org.za/~khetan * Talk/Finger khetan@chain.freebsd.os.org.za
>FreeBSD enthusiast * http://www2.za.freebsd.org/
>Security-wise, NT is a OS with a "kick me" sign taped to it
>
>Reference : <Pine.BSF.4.03.9904081233240.25113-100000@resnet.uoregon.edu>
>Date : Apr 8, 1999, 12:34pm
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Version.32.19990410000043.01701da0>
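
The poppassd exchange from the quoted change-pass.cgi, as an added example that is not part of the original messages: it checks the decoded form fields before they are written into the "user", "pass" and "newpass" lines, because a decoded newline would otherwise begin a new protocol line, and it connects to port 106 directly. The host name is the thread's placeholder; the username allow-list and the length limits are assumptions.

```perl
# Added example, not part of the quoted script.
use strict;
use warnings;
use IO::Socket::INET;

my $POPPASSD_HOST = 'poppassd.server.name';   # placeholder, as in the thread
# Fixed port: the quoted while(getservbyport(...)) loop increments $port for
# as long as the services file has an entry, so it can move away from 106.
my $POPPASSD_PORT = 106;

# Reject empty, over-long, or control-character values. CR/LF matter most:
# each command ("user $n\n") is exactly one line on the wire.
sub valid_field {
    my ($value, $max) = @_;
    return 0 unless defined($value) && length($value) && length($value) <= $max;
    return $value =~ /[\x00-\x1f\x7f]/ ? 0 : 1;
}

# Assumption: lower-case account names, as the sample form asks for.
sub valid_username {
    my ($name) = @_;
    return (valid_field($name, 32) && $name =~ /\A[a-z0-9._-]+\z/) ? 1 : 0;
}

# Same success test as get_reply in the quoted script: a leading "200".
sub expect_200 {
    my ($sock) = @_;
    my $line = <$sock>;
    die "Password server refused or closed the connection.\n"
        unless defined($line) && $line =~ /\A200/;
    return 1;
}

sub change_password {
    my ($user, $old, $new) = @_;
    die "Invalid username.\n" unless valid_username($user);
    die "Invalid password field.\n"
        unless valid_field($old, 128) && valid_field($new, 128);
    my $sock = IO::Socket::INET->new(
        PeerAddr => $POPPASSD_HOST, PeerPort => $POPPASSD_PORT,
        Proto    => 'tcp',          Timeout  => 10,
    ) or die "Password server is not responding: $@\n";
    $sock->autoflush(1);
    expect_200($sock);                         # greeting, read first as in the original
    for my $cmd ("user $user", "pass $old", "newpass $new") {
        print {$sock} "$cmd\n";
        expect_200($sock);
    }
    return close($sock);
}

# Constructed inputs: the second carries an embedded newline and is rejected.
print((valid_username($_) ? "accept" : "reject"), "\n") for 'alice', "alice\nnewpass x";
```

A CGI wrapper would call change_password() inside eval and HTML-escape the message it shows, rather than printing server or user text straight into the page.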